#1
Old April 16th, 2005, 03:50 PM
SAT
New Member
Join Date: Apr 2005
Posts: 25
Smart-Security Desktop Hijack !!HELP!!

Hi,
I need some help. I don't know how, but a company called Smart-Security has installed a desktop ad on my desktop and I can't remove it. I've tried the company's removal tool but can't find a solution.

PLEASE HELP!!
#2
Old April 16th, 2005, 07:41 PM
tetonbob
Senior Member
 
Join Date: Jul 2004
Location: Brevard, NC
Posts: 705
Hi SAT -

First let's start with a log from HijackThis....

Get HijackThis. Run the scan, save the log, but do not fix anything yet. Many files it finds are harmless, and required for your system to operate. Post the log here.
#3
Old April 17th, 2005, 11:01 AM
SAT
New Member
 
Join Date: Apr 2005
Posts: 25
Hijack This Log

Here is the Hijack This Log:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mfcju.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\appnz.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system32\swcroot.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\Ebo.exe
C:\PROGRA~1\AOL9~1.0A\waol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOWNLO~1\CITYTR~1.EXE
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\PROGRA~1\AOL9~1.0A\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
c:\progra~1\intern~1\iexplore.exe
C:\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=lili111
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0AF23546-627B-E7D6-AEB6-CBB4FC91EBE4} - C:\WINDOWS\system32\ntvx32.dll (file missing)
O2 - BHO: (no name) - {24EC266E-58F6-C76B-ECDF-18E86769E35F} - C:\WINDOWS\sysod32.dll (file missing)
O2 - BHO: (no name) - {2CE711D5-3677-6478-9DBE-8A8DEE743E69} - C:\WINDOWS\system32\d3jm32.dll (file missing)
O2 - BHO: (no name) - {3538678A-BDB3-602E-C7FF-6CAB5FA168EC} - C:\WINDOWS\system32\netrk32.dll (file missing)
O2 - BHO: (no name) - {3BAEACBD-6D25-4282-0896-4FA149FAF324} - C:\WINDOWS\msuj32.dll (file missing)
O2 - BHO: (no name) - {457FC705-1005-04F4-EDA9-964939906284} - C:\WINDOWS\system32\ntrw32.dll (file missing)
O2 - BHO: (no name) - {4A6D173C-FEB5-A78F-B935-68286B007E44} - C:\WINDOWS\system32\winmz32.dll (file missing)
O2 - BHO: (no name) - {5367AF43-53A3-260E-9D79-0CDB4035A008} - C:\WINDOWS\system32\sdkdg32.dll (file missing)
O2 - BHO: (no name) - {6F78A8DF-CCFD-8F45-6673-865E1F2FB01D} - C:\WINDOWS\atlxj.dll (file missing)
O2 - BHO: (no name) - {713BB4D3-0B7C-1D3D-8240-26C661FA80FC} - C:\WINDOWS\ipnx32.dll (file missing)
O2 - BHO: (no name) - {736B2606-0CE4-B4AB-BA2F-72E515DE240F} - C:\WINDOWS\atlzw.dll (file missing)
O2 - BHO: (no name) - {7E72EF25-4095-D844-4224-B322BFBF6B06} - C:\WINDOWS\system32\javanq.dll (file missing)
O2 - BHO: (no name) - {95E91DD0-550D-630E-CCFD-E929FF768505} - C:\WINDOWS\system32\netve32.dll (file missing)
O2 - BHO: (no name) - {A3DEAD28-EE65-AB87-0D4A-5AA324BCB9A7} - C:\WINDOWS\mfcwz.dll (file missing)
O2 - BHO: (no name) - {B9DB1D1D-24EF-8B33-2149-F69C3F37D817} - C:\WINDOWS\system32\winpc32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CFB9CE71-CDC7-9E68-F759-092DB4EFCA15} - C:\WINDOWS\system32\mfcwt32.dll (file missing)
O2 - BHO: (no name) - {DD35522C-E086-2B5A-7652-36886F75C9C3} - C:\WINDOWS\winab32.dll (file missing)
O2 - BHO: (no name) - {E2A94F9F-7AED-6BE3-46D5-174F791F1A84} - C:\WINDOWS\addah32.dll (file missing)
O2 - BHO: (no name) - {EE97177B-4907-8370-869F-6F75B86D03A0} - C:\WINDOWS\system32\sysyb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [appnz.exe] C:\WINDOWS\system32\appnz.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Software] C:\WINDOWS\System32\Software\software.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\Run: [swcroot] c:\windows\system32\swcroot.exe
O4 - HKLM\..\Run: [BINDCOALFLAPHIDE] C:\Documents and Settings\All Users\Application Data\Manager hold bind coal\JugsCool.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Eks] C:\WINDOWS\Ebo.exe
O4 - HKLM\..\Run: [Ubi] C:\WINDOWS\System32\Qms.exe
O4 - HKLM\..\Run: [Jhs] C:\WINDOWS\System32\Mdr.exe
O4 - HKLM\..\Run: [Kno] C:\WINDOWS\System32\Jvv.exe
O4 - HKLM\..\Run: [Ach] C:\WINDOWS\Tjs.exe
O4 - HKLM\..\Run: [Iln] C:\WINDOWS\System32\Qcm.exe
O4 - HKLM\..\Run: [Gdg] C:\WINDOWS\System32\Vka.exe
O4 - HKLM\..\Run: [Egr] C:\WINDOWS\Bik.exe
O4 - HKLM\..\Run: [Voh] C:\WINDOWS\Rfc.exe
O4 - HKLM\..\Run: [Oqc] C:\WINDOWS\Bei.exe
O4 - HKLM\..\Run: [Eda] C:\WINDOWS\Ikk.exe
O4 - HKLM\..\Run: [Jdg] C:\WINDOWS\System32\Cdr.exe
O4 - HKLM\..\Run: [Ibu] C:\WINDOWS\System32\Pkg.exe
O4 - HKLM\..\Run: [Dmm] C:\WINDOWS\Lvr.exe
O4 - HKLM\..\Run: [Gfh] C:\WINDOWS\System32\Rdn.exe
O4 - HKLM\..\Run: [Qir] C:\WINDOWS\Lai.exe
O4 - HKLM\..\Run: [Nui] C:\WINDOWS\Dif.exe
O4 - HKLM\..\Run: [Vso] C:\WINDOWS\System32\Nvs.exe
O4 - HKLM\..\Run: [Nao] C:\WINDOWS\Mjl.exe
O4 - HKLM\..\Run: [Gif] C:\WINDOWS\System32\Dul.exe
O4 - HKLM\..\Run: [Hnk] C:\WINDOWS\System32\Csm.exe
O4 - HKLM\..\Run: [Kvu] C:\WINDOWS\Vce.exe
O4 - HKLM\..\Run: [Das] C:\WINDOWS\System32\Pbm.exe
O4 - HKLM\..\Run: [Rkn] C:\WINDOWS\Vpp.exe
O4 - HKLM\..\Run: [Mpf] C:\WINDOWS\Amg.exe
O4 - HKLM\..\Run: [Lrj] C:\WINDOWS\System32\Rod.exe
O4 - HKLM\..\Run: [Jfg] C:\WINDOWS\System32\Gom.exe
O4 - HKLM\..\Run: [Kkg] C:\WINDOWS\Qon.exe
O4 - HKLM\..\Run: [Nks] C:\WINDOWS\System32\Eas.exe
O4 - HKLM\..\Run: [Vvr] C:\WINDOWS\Pre.exe
O4 - HKLM\..\Run: [Rsr] C:\WINDOWS\Hvk.exe
O4 - HKLM\..\Run: [Qij] C:\WINDOWS\System32\Lan.exe
O4 - HKLM\..\Run: [Nsn] C:\WINDOWS\System32\Smp.exe
O4 - HKLM\..\Run: [Fvg] C:\WINDOWS\System32\Qgt.exe
O4 - HKLM\..\Run: [Cip] C:\WINDOWS\System32\Tdo.exe
O4 - HKLM\..\Run: [Clc] C:\WINDOWS\System32\Tiq.exe
O4 - HKLM\..\Run: [Hqu] C:\WINDOWS\Bfe.exe
O4 - HKLM\..\Run: [Uok] C:\WINDOWS\System32\Ggg.exe
O4 - HKLM\..\Run: [Qjg] C:\WINDOWS\Vmj.exe
O4 - HKLM\..\Run: [Fcp] C:\WINDOWS\Lmh.exe
O4 - HKLM\..\Run: [Tgn] C:\WINDOWS\System32\Ldt.exe
O4 - HKLM\..\Run: [Vpc] C:\WINDOWS\System32\Pph.exe
O4 - HKLM\..\Run: [Vcl] C:\WINDOWS\Njp.exe
O4 - HKLM\..\Run: [Dor] C:\WINDOWS\System32\Fbr.exe
O4 - HKLM\..\Run: [Tph] C:\WINDOWS\Uul.exe
O4 - HKLM\..\Run: [Jjf] C:\WINDOWS\Mgi.exe
O4 - HKLM\..\Run: [Kbf] C:\WINDOWS\Hco.exe
O4 - HKLM\..\Run: [Psm] C:\WINDOWS\System32\Dvl.exe
O4 - HKLM\..\Run: [Dlh] C:\WINDOWS\System32\Gic.exe
O4 - HKLM\..\Run: [Jcj] C:\WINDOWS\Gjh.exe
O4 - HKLM\..\Run: [Rtp] C:\WINDOWS\System32\Cum.exe
O4 - HKLM\..\Run: [Qbg] C:\WINDOWS\System32\Beb.exe
O4 - HKLM\..\Run: [Oah] C:\WINDOWS\Bmh.exe
O4 - HKLM\..\Run: [Qju] C:\WINDOWS\Drc.exe
O4 - HKLM\..\Run: [Kja] C:\WINDOWS\Fjo.exe
O4 - HKLM\..\Run: [Brj] C:\WINDOWS\System32\Ccr.exe
O4 - HKLM\..\Run: [Nbs] C:\WINDOWS\Oel.exe
O4 - HKLM\..\Run: [Dmp] C:\WINDOWS\Skt.exe
O4 - HKLM\..\Run: [Skf] C:\WINDOWS\Sbq.exe
O4 - HKLM\..\Run: [Ipr] C:\WINDOWS\System32\Mht.exe
O4 - HKLM\..\Run: [Lad] C:\WINDOWS\System32\Oru.exe
O4 - HKLM\..\Run: [Vqj] C:\WINDOWS\Gao.exe
O4 - HKLM\..\Run: [Bsv] C:\WINDOWS\Joq.exe
O4 - HKLM\..\Run: [Tfn] C:\WINDOWS\System32\Lqd.exe
O4 - HKLM\..\Run: [Hhl] C:\WINDOWS\System32\Odu.exe
O4 - HKLM\..\Run: [Glb] C:\WINDOWS\Shc.exe
O4 - HKLM\..\Run: [Bio] C:\WINDOWS\Jjs.exe
O4 - HKLM\..\Run: [Men] C:\WINDOWS\System32\Leo.exe
O4 - HKLM\..\Run: [Erk] C:\WINDOWS\Joj.exe
O4 - HKLM\..\Run: [Cph] C:\WINDOWS\System32\Ojh.exe
O4 - HKLM\..\Run: [Asb] C:\WINDOWS\Agl.exe
O4 - HKLM\..\Run: [Bln] C:\WINDOWS\System32\Mnd.exe
O4 - HKLM\..\Run: [Ghn] C:\WINDOWS\Hol.exe
O4 - HKLM\..\Run: [Hvm] C:\WINDOWS\Kfh.exe
O4 - HKLM\..\Run: [Trk] C:\WINDOWS\Dmr.exe
O4 - HKLM\..\Run: [Iog] C:\WINDOWS\System32\Cnt.exe
O4 - HKLM\..\Run: [Dcs] C:\WINDOWS\Vvr.exe
O4 - HKLM\..\Run: [Rle] C:\WINDOWS\Dat.exe
O4 - HKLM\..\Run: [Bhf] C:\WINDOWS\System32\Bua.exe
O4 - HKLM\..\Run: [Brm] C:\WINDOWS\System32\Jbq.exe
O4 - HKLM\..\Run: [Rgu] C:\WINDOWS\System32\Lbg.exe
O4 - HKLM\..\Run: [Kca] C:\WINDOWS\Ffm.exe
O4 - HKLM\..\Run: [Phv] C:\WINDOWS\System32\Aah.exe
O4 - HKLM\..\Run: [Gqq] C:\WINDOWS\Iou.exe
O4 - HKLM\..\Run: [Qaf] C:\WINDOWS\Qhd.exe
O4 - HKLM\..\Run: [Mvu] C:\WINDOWS\Iuu.exe
O4 - HKLM\..\Run: [Vpq] C:\WINDOWS\System32\Vms.exe
O4 - HKLM\..\Run: [Bsm] C:\WINDOWS\System32\Dic.exe
O4 - HKLM\..\Run: [Jsu] C:\WINDOWS\System32\Qro.exe
O4 - HKLM\..\Run: [Roi] C:\WINDOWS\Ptb.exe
O4 - HKLM\..\Run: [Mtq] C:\WINDOWS\System32\Sot.exe
O4 - HKLM\..\Run: [Mla] C:\WINDOWS\Clt.exe
O4 - HKLM\..\Run: [Ncu] C:\WINDOWS\Vsu.exe
O4 - HKLM\..\Run: [Doq] C:\WINDOWS\System32\Jvu.exe
O4 - HKLM\..\Run: [Psv] C:\WINDOWS\System32\Gpg.exe
O4 - HKLM\..\Run: [Neq] C:\WINDOWS\System32\Ehh.exe
O4 - HKLM\..\Run: [Uqc] C:\WINDOWS\Gih.exe
O4 - HKLM\..\Run: [Rjv] C:\WINDOWS\Kjk.exe
O4 - HKLM\..\Run: [Isv] C:\WINDOWS\Ltl.exe
O4 - HKLM\..\Run: [Hcn] C:\WINDOWS\System32\Rul.exe
O4 - HKLM\..\Run: [Cqs] C:\WINDOWS\System32\Kvu.exe
O4 - HKLM\..\Run: [Sep] C:\WINDOWS\Hgh.exe
O4 - HKLM\..\Run: [Qid] C:\WINDOWS\System32\Arm.exe
O4 - HKLM\..\Run: [Nkm] C:\WINDOWS\System32\Pgu.exe
O4 - HKLM\..\Run: [Iij] C:\WINDOWS\System32\Mak.exe
O4 - HKLM\..\Run: [Ano] C:\WINDOWS\Esp.exe
O4 - HKLM\..\Run: [Veq] C:\WINDOWS\Tvf.exe
O4 - HKLM\..\Run: [Kli] C:\WINDOWS\Jif.exe
O4 - HKLM\..\Run: [Cji] C:\WINDOWS\System32\Upt.exe
O4 - HKLM\..\Run: [Pjv] C:\WINDOWS\System32\Rkq.exe
O4 - HKLM\..\Run: [Fon] C:\WINDOWS\Bqk.exe
O4 - HKLM\..\Run: [Kjr] C:\WINDOWS\System32\Pvo.exe
O4 - HKLM\..\Run: [Gdd] C:\WINDOWS\Cpv.exe
O4 - HKLM\..\Run: [Lbq] C:\WINDOWS\System32\Tss.exe
O4 - HKLM\..\Run: [Aii] C:\WINDOWS\Plc.exe
O4 - HKLM\..\Run: [Ecm] C:\WINDOWS\Uuj.exe
O4 - HKLM\..\Run: [Cch] C:\WINDOWS\Kps.exe
O4 - HKLM\..\Run: [Scb] C:\WINDOWS\System32\Tfd.exe
O4 - HKLM\..\Run: [Grg] C:\WINDOWS\System32\Igk.exe
O4 - HKLM\..\Run: [Blj] C:\WINDOWS\Ebp.exe
O4 - HKLM\..\Run: [Pbi] C:\WINDOWS\Jlp.exe
O4 - HKLM\..\Run: [Lbl] C:\WINDOWS\She.exe
O4 - HKLM\..\Run: [Kof] C:\WINDOWS\System32\Kod.exe
O4 - HKLM\..\Run: [Dee] C:\WINDOWS\System32\For.exe
O4 - HKLM\..\Run: [Mth] C:\WINDOWS\Lli.exe
O4 - HKLM\..\Run: [Qaj] C:\WINDOWS\System32\Dts.exe
O4 - HKLM\..\Run: [Gqa] C:\WINDOWS\Mic.exe
O4 - HKLM\..\Run: [Avp] C:\WINDOWS\System32\Oko.exe
O4 - HKLM\..\Run: [Tnq] C:\WINDOWS\System32\Joo.exe
O4 - HKLM\..\Run: [Iri] C:\WINDOWS\Ssc.exe
O4 - HKLM\..\Run: [Sqr] C:\WINDOWS\Mjr.exe
O4 - HKLM\..\Run: [Sph] C:\WINDOWS\System32\Kbp.exe
O4 - HKLM\..\Run: [Qht] C:\WINDOWS\System32\Tfk.exe
O4 - HKLM\..\Run: [Rvd] C:\WINDOWS\Fqt.exe
O4 - HKLM\..\Run: [Qmj] C:\WINDOWS\Pcc.exe
O4 - HKLM\..\Run: [Dvs] C:\WINDOWS\Fql.exe
O4 - HKLM\..\Run: [Bcr] C:\WINDOWS\System32\Qkb.exe
O4 - HKLM\..\Run: [Pem] C:\WINDOWS\System32\Qag.exe
O4 - HKLM\..\Run: [For] C:\WINDOWS\Cap.exe
O4 - HKLM\..\Run: [Hgt] C:\WINDOWS\Pad.exe
O4 - HKLM\..\Run: [Gqb] C:\WINDOWS\Sgr.exe
O4 - HKLM\..\Run: [Dkc] C:\WINDOWS\Btk.exe
O4 - HKLM\..\Run: [Gsv] C:\WINDOWS\Vua.exe
O4 - HKLM\..\Run: [Paa] C:\WINDOWS\System32\Dro.exe
O4 - HKLM\..\Run: [Nhn] C:\WINDOWS\System32\Guh.exe
O4 - HKLM\..\Run: [Sfl] C:\WINDOWS\Iav.exe
O4 - HKLM\..\Run: [Nrf] C:\WINDOWS\Rdi.exe
O4 - HKLM\..\Run: [Pcj] C:\WINDOWS\Rel.exe
O4 - HKLM\..\Run: [Qjd] C:\WINDOWS\Gip.exe
O4 - HKLM\..\Run: [Snd] C:\WINDOWS\System32\Rud.exe
O4 - HKLM\..\Run: [Iaa] C:\WINDOWS\System32\Viq.exe
O4 - HKLM\..\Run: [Mpn] C:\WINDOWS\System32\Evv.exe
O4 - HKLM\..\Run: [Vmg] C:\WINDOWS\Kum.exe
O4 - HKLM\..\Run: [Hps] C:\WINDOWS\System32\Bro.exe
O4 - HKLM\..\Run: [Mfq] C:\WINDOWS\System32\Spf.exe
O4 - HKLM\..\Run: [Pur] C:\WINDOWS\System32\Nus.exe
O4 - HKLM\..\Run: [Fan] C:\WINDOWS\System32\Cai.exe
O4 - HKLM\..\Run: [Hrc] C:\WINDOWS\System32\Iuf.exe
O4 - HKLM\..\Run: [Afo] C:\WINDOWS\System32\Uda.exe
O4 - HKLM\..\Run: [Orp] C:\WINDOWS\Qfp.exe
O4 - HKLM\..\Run: [Gpq] C:\WINDOWS\System32\Ibi.exe
O4 - HKLM\..\Run: [Ltd] C:\WINDOWS\Hfs.exe
O4 - HKLM\..\Run: [Iva] C:\WINDOWS\Mdk.exe
O4 - HKLM\..\Run: [Eri] C:\WINDOWS\Blt.exe
O4 - HKLM\..\Run: [Nvr] C:\WINDOWS\System32\Utr.exe
O4 - HKLM\..\Run: [Evo] C:\WINDOWS\Akl.exe
O4 - HKLM\..\Run: [Toa] C:\WINDOWS\Hsv.exe
O4 - HKLM\..\Run: [Srv] C:\WINDOWS\Rcd.exe
O4 - HKLM\..\Run: [Sgv] C:\WINDOWS\System32\Hcu.exe
O4 - HKLM\..\Run: [Nee] C:\WINDOWS\Fma.exe
O4 - HKLM\..\Run: [Udt] C:\WINDOWS\Bgr.exe
O4 - HKLM\..\Run: [Kok] C:\WINDOWS\System32\Kbn.exe
O4 - HKLM\..\Run: [Cgo] C:\WINDOWS\System32\Vue.exe
O4 - HKLM\..\Run: [Gfg] C:\WINDOWS\System32\Ufu.exe
O4 - HKLM\..\Run: [Igr] C:\WINDOWS\System32\Stl.exe
O4 - HKLM\..\RunOnce: [mfcju.exe] C:\WINDOWS\system32\mfcju.exe
O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\system32\deinst_qfe002.exe
O4 - HKCU\..\Run: [CHIN CAMP] C:\DOCUME~1\STEPHE~1\APPLIC~1\FLAWMP~1\Owns Beep.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CityTrader.exe] C:\DOWNLO~1\CITYTR~1.EXE /r
O4 - HKCU\..\Run: [Eks] C:\WINDOWS\Ebo.exe
O4 - HKCU\..\Run: [Ubi] C:\WINDOWS\System32\Qms.exe
O4 - HKCU\..\Run: [Jhs] C:\WINDOWS\System32\Mdr.exe
O4 - HKCU\..\Run: [Kno] C:\WINDOWS\System32\Jvv.exe
O4 - HKCU\..\Run: [Ach] C:\WINDOWS\Tjs.exe
O4 - HKCU\..\Run: [Iln] C:\WINDOWS\System32\Qcm.exe
O4 - HKCU\..\Run: [Gdg] C:\WINDOWS\System32\Vka.exe
O4 - HKCU\..\Run: [Egr] C:\WINDOWS\Bik.exe
O4 - HKCU\..\Run: [Voh] C:\WINDOWS\Rfc.exe
O4 - HKCU\..\Run: [Oqc] C:\WINDOWS\Bei.exe
O4 - HKCU\..\Run: [Eda] C:\WINDOWS\Ikk.exe
O4 - HKCU\..\Run: [Jdg] C:\WINDOWS\System32\Cdr.exe
O4 - HKCU\..\Run: [Ibu] C:\WINDOWS\System32\Pkg.exe
O4 - HKCU\..\Run: [Dmm] C:\WINDOWS\Lvr.exe
O4 - HKCU\..\Run: [Gfh] C:\WINDOWS\System32\Rdn.exe
O4 - HKCU\..\Run: [Qir] C:\WINDOWS\Lai.exe
O4 - HKCU\..\Run: [Nui] C:\WINDOWS\Dif.exe
O4 - HKCU\..\Run: [Vso] C:\WINDOWS\System32\Nvs.exe
O4 - HKCU\..\Run: [Nao] C:\WINDOWS\Mjl.exe
O4 - HKCU\..\Run: [Gif] C:\WINDOWS\System32\Dul.exe
O4 - HKCU\..\Run: [Hnk] C:\WINDOWS\System32\Csm.exe
O4 - HKCU\..\Run: [Kvu] C:\WINDOWS\Vce.exe
O4 - HKCU\..\Run: [Das] C:\WINDOWS\System32\Pbm.exe
O4 - HKCU\..\Run: [Rkn] C:\WINDOWS\Vpp.exe
O4 - HKCU\..\Run: [Mpf] C:\WINDOWS\Amg.exe
O4 - HKCU\..\Run: [Lrj] C:\WINDOWS\System32\Rod.exe
O4 - HKCU\..\Run: [Jfg] C:\WINDOWS\System32\Gom.exe
O4 - HKCU\..\Run: [Kkg] C:\WINDOWS\Qon.exe
O4 - HKCU\..\Run: [Nks] C:\WINDOWS\System32\Eas.exe
O4 - HKCU\..\Run: [Vvr] C:\WINDOWS\Pre.exe
O4 - HKCU\..\Run: [Rsr] C:\WINDOWS\Hvk.exe
O4 - HKCU\..\Run: [Qij] C:\WINDOWS\System32\Lan.exe
O4 - HKCU\..\Run: [Nsn] C:\WINDOWS\System32\Smp.exe
O4 - HKCU\..\Run: [Fvg] C:\WINDOWS\System32\Qgt.exe
O4 - HKCU\..\Run: [Cip] C:\WINDOWS\System32\Tdo.exe
O4 - HKCU\..\Run: [Clc] C:\WINDOWS\System32\Tiq.exe
O4 - HKCU\..\Run: [Hqu] C:\WINDOWS\Bfe.exe
O4 - HKCU\..\Run: [Uok] C:\WINDOWS\System32\Ggg.exe
O4 - HKCU\..\Run: [Qjg] C:\WINDOWS\Vmj.exe
O4 - HKCU\..\Run: [Fcp] C:\WINDOWS\Lmh.exe
O4 - HKCU\..\Run: [Tgn] C:\WINDOWS\System32\Ldt.exe
O4 - HKCU\..\Run: [Vpc] C:\WINDOWS\System32\Pph.exe
O4 - HKCU\..\Run: [Vcl] C:\WINDOWS\Njp.exe
O4 - HKCU\..\Run: [Dor] C:\WINDOWS\System32\Fbr.exe
O4 - HKCU\..\Run: [Tph] C:\WINDOWS\Uul.exe
O4 - HKCU\..\Run: [Jjf] C:\WINDOWS\Mgi.exe
O4 - HKCU\..\Run: [Kbf] C:\WINDOWS\Hco.exe
O4 - HKCU\..\Run: [Psm] C:\WINDOWS\System32\Dvl.exe
O4 - HKCU\..\Run: [Dlh] C:\WINDOWS\System32\Gic.exe
O4 - HKCU\..\Run: [Jcj] C:\WINDOWS\Gjh.exe
O4 - HKCU\..\Run: [Rtp] C:\WINDOWS\System32\Cum.exe
O4 - HKCU\..\Run: [Qbg] C:\WINDOWS\System32\Beb.exe
O4 - HKCU\..\Run: [Oah] C:\WINDOWS\Bmh.exe
O4 - HKCU\..\Run: [Qju] C:\WINDOWS\Drc.exe
O4 - HKCU\..\Run: [Kja] C:\WINDOWS\Fjo.exe
O4 - HKCU\..\Run: [Brj] C:\WINDOWS\System32\Ccr.exe
#4
Old April 17th, 2005, 11:02 AM
SAT
New Member
 
Join Date: Apr 2005
Posts: 25
Hijack This Log 2

This is the rest:

O4 - HKCU\..\Run: [Nbs] C:\WINDOWS\Oel.exe
O4 - HKCU\..\Run: [Dmp] C:\WINDOWS\Skt.exe
O4 - HKCU\..\Run: [Skf] C:\WINDOWS\Sbq.exe
O4 - HKCU\..\Run: [Ipr] C:\WINDOWS\System32\Mht.exe
O4 - HKCU\..\Run: [Lad] C:\WINDOWS\System32\Oru.exe
O4 - HKCU\..\Run: [Vqj] C:\WINDOWS\Gao.exe
O4 - HKCU\..\Run: [Bsv] C:\WINDOWS\Joq.exe
O4 - HKCU\..\Run: [Tfn] C:\WINDOWS\System32\Lqd.exe
O4 - HKCU\..\Run: [Hhl] C:\WINDOWS\System32\Odu.exe
O4 - HKCU\..\Run: [Glb] C:\WINDOWS\Shc.exe
O4 - HKCU\..\Run: [Bio] C:\WINDOWS\Jjs.exe
O4 - HKCU\..\Run: [Men] C:\WINDOWS\System32\Leo.exe
O4 - HKCU\..\Run: [Erk] C:\WINDOWS\Joj.exe
O4 - HKCU\..\Run: [Cph] C:\WINDOWS\System32\Ojh.exe
O4 - HKCU\..\Run: [Asb] C:\WINDOWS\Agl.exe
O4 - HKCU\..\Run: [Bln] C:\WINDOWS\System32\Mnd.exe
O4 - HKCU\..\Run: [Ghn] C:\WINDOWS\Hol.exe
O4 - HKCU\..\Run: [Hvm] C:\WINDOWS\Kfh.exe
O4 - HKCU\..\Run: [Trk] C:\WINDOWS\Dmr.exe
O4 - HKCU\..\Run: [Iog] C:\WINDOWS\System32\Cnt.exe
O4 - HKCU\..\Run: [Dcs] C:\WINDOWS\Vvr.exe
O4 - HKCU\..\Run: [Rle] C:\WINDOWS\Dat.exe
O4 - HKCU\..\Run: [Bhf] C:\WINDOWS\System32\Bua.exe
O4 - HKCU\..\Run: [Brm] C:\WINDOWS\System32\Jbq.exe
O4 - HKCU\..\Run: [Rgu] C:\WINDOWS\System32\Lbg.exe
O4 - HKCU\..\Run: [Kca] C:\WINDOWS\Ffm.exe
O4 - HKCU\..\Run: [Phv] C:\WINDOWS\System32\Aah.exe
O4 - HKCU\..\Run: [Gqq] C:\WINDOWS\Iou.exe
O4 - HKCU\..\Run: [Qaf] C:\WINDOWS\Qhd.exe
O4 - HKCU\..\Run: [Mvu] C:\WINDOWS\Iuu.exe
O4 - HKCU\..\Run: [Vpq] C:\WINDOWS\System32\Vms.exe
O4 - HKCU\..\Run: [Bsm] C:\WINDOWS\System32\Dic.exe
O4 - HKCU\..\Run: [Jsu] C:\WINDOWS\System32\Qro.exe
O4 - HKCU\..\Run: [Roi] C:\WINDOWS\Ptb.exe
O4 - HKCU\..\Run: [Mtq] C:\WINDOWS\System32\Sot.exe
O4 - HKCU\..\Run: [Mla] C:\WINDOWS\Clt.exe
O4 - HKCU\..\Run: [Ncu] C:\WINDOWS\Vsu.exe
O4 - HKCU\..\Run: [Doq] C:\WINDOWS\System32\Jvu.exe
O4 - HKCU\..\Run: [Psv] C:\WINDOWS\System32\Gpg.exe
O4 - HKCU\..\Run: [Neq] C:\WINDOWS\System32\Ehh.exe
O4 - HKCU\..\Run: [Uqc] C:\WINDOWS\Gih.exe
O4 - HKCU\..\Run: [Rjv] C:\WINDOWS\Kjk.exe
O4 - HKCU\..\Run: [Isv] C:\WINDOWS\Ltl.exe
O4 - HKCU\..\Run: [Hcn] C:\WINDOWS\System32\Rul.exe
O4 - HKCU\..\Run: [Cqs] C:\WINDOWS\System32\Kvu.exe
O4 - HKCU\..\Run: [Sep] C:\WINDOWS\Hgh.exe
O4 - HKCU\..\Run: [Qid] C:\WINDOWS\System32\Arm.exe
O4 - HKCU\..\Run: [Nkm] C:\WINDOWS\System32\Pgu.exe
O4 - HKCU\..\Run: [Iij] C:\WINDOWS\System32\Mak.exe
O4 - HKCU\..\Run: [Ano] C:\WINDOWS\Esp.exe
O4 - HKCU\..\Run: [Veq] C:\WINDOWS\Tvf.exe
O4 - HKCU\..\Run: [Kli] C:\WINDOWS\Jif.exe
O4 - HKCU\..\Run: [Cji] C:\WINDOWS\System32\Upt.exe
O4 - HKCU\..\Run: [Pjv] C:\WINDOWS\System32\Rkq.exe
O4 - HKCU\..\Run: [Fon] C:\WINDOWS\Bqk.exe
O4 - HKCU\..\Run: [Kjr] C:\WINDOWS\System32\Pvo.exe
O4 - HKCU\..\Run: [Gdd] C:\WINDOWS\Cpv.exe
O4 - HKCU\..\Run: [Lbq] C:\WINDOWS\System32\Tss.exe
O4 - HKCU\..\Run: [Aii] C:\WINDOWS\Plc.exe
O4 - HKCU\..\Run: [Ecm] C:\WINDOWS\Uuj.exe
O4 - HKCU\..\Run: [Cch] C:\WINDOWS\Kps.exe
O4 - HKCU\..\Run: [Scb] C:\WINDOWS\System32\Tfd.exe
O4 - HKCU\..\Run: [Grg] C:\WINDOWS\System32\Igk.exe
O4 - HKCU\..\Run: [Blj] C:\WINDOWS\Ebp.exe
O4 - HKCU\..\Run: [Pbi] C:\WINDOWS\Jlp.exe
O4 - HKCU\..\Run: [Lbl] C:\WINDOWS\She.exe
O4 - HKCU\..\Run: [Kof] C:\WINDOWS\System32\Kod.exe
O4 - HKCU\..\Run: [Dee] C:\WINDOWS\System32\For.exe
O4 - HKCU\..\Run: [Mth] C:\WINDOWS\Lli.exe
O4 - HKCU\..\Run: [Qaj] C:\WINDOWS\System32\Dts.exe
O4 - HKCU\..\Run: [Gqa] C:\WINDOWS\Mic.exe
O4 - HKCU\..\Run: [Avp] C:\WINDOWS\System32\Oko.exe
O4 - HKCU\..\Run: [Tnq] C:\WINDOWS\System32\Joo.exe
O4 - HKCU\..\Run: [Iri] C:\WINDOWS\Ssc.exe
O4 - HKCU\..\Run: [Sqr] C:\WINDOWS\Mjr.exe
O4 - HKCU\..\Run: [Sph] C:\WINDOWS\System32\Kbp.exe
O4 - HKCU\..\Run: [Qht] C:\WINDOWS\System32\Tfk.exe
O4 - HKCU\..\Run: [Rvd] C:\WINDOWS\Fqt.exe
O4 - HKCU\..\Run: [Qmj] C:\WINDOWS\Pcc.exe
O4 - HKCU\..\Run: [Dvs] C:\WINDOWS\Fql.exe
O4 - HKCU\..\Run: [Bcr] C:\WINDOWS\System32\Qkb.exe
O4 - HKCU\..\Run: [Pem] C:\WINDOWS\System32\Qag.exe
O4 - HKCU\..\Run: [For] C:\WINDOWS\Cap.exe
O4 - HKCU\..\Run: [Hgt] C:\WINDOWS\Pad.exe
O4 - HKCU\..\Run: [Gqb] C:\WINDOWS\Sgr.exe
O4 - HKCU\..\Run: [Dkc] C:\WINDOWS\Btk.exe
O4 - HKCU\..\Run: [Gsv] C:\WINDOWS\Vua.exe
O4 - HKCU\..\Run: [Paa] C:\WINDOWS\System32\Dro.exe
O4 - HKCU\..\Run: [Nhn] C:\WINDOWS\System32\Guh.exe
O4 - HKCU\..\Run: [Sfl] C:\WINDOWS\Iav.exe
O4 - HKCU\..\Run: [Nrf] C:\WINDOWS\Rdi.exe
O4 - HKCU\..\Run: [Pcj] C:\WINDOWS\Rel.exe
O4 - HKCU\..\Run: [Qjd] C:\WINDOWS\Gip.exe
O4 - HKCU\..\Run: [Snd] C:\WINDOWS\System32\Rud.exe
O4 - HKCU\..\Run: [Iaa] C:\WINDOWS\System32\Viq.exe
O4 - HKCU\..\Run: [Mpn] C:\WINDOWS\System32\Evv.exe
O4 - HKCU\..\Run: [Vmg] C:\WINDOWS\Kum.exe
O4 - HKCU\..\Run: [Hps] C:\WINDOWS\System32\Bro.exe
O4 - HKCU\..\Run: [Mfq] C:\WINDOWS\System32\Spf.exe
O4 - HKCU\..\Run: [Pur] C:\WINDOWS\System32\Nus.exe
O4 - HKCU\..\Run: [Fan] C:\WINDOWS\System32\Cai.exe
O4 - HKCU\..\Run: [Hrc] C:\WINDOWS\System32\Iuf.exe
O4 - HKCU\..\Run: [Afo] C:\WINDOWS\System32\Uda.exe
O4 - HKCU\..\Run: [Orp] C:\WINDOWS\Qfp.exe
O4 - HKCU\..\Run: [Gpq] C:\WINDOWS\System32\Ibi.exe
O4 - HKCU\..\Run: [Ltd] C:\WINDOWS\Hfs.exe
O4 - HKCU\..\Run: [Iva] C:\WINDOWS\Mdk.exe
O4 - HKCU\..\Run: [Eri] C:\WINDOWS\Blt.exe
O4 - HKCU\..\Run: [Nvr] C:\WINDOWS\System32\Utr.exe
O4 - HKCU\..\Run: [Evo] C:\WINDOWS\Akl.exe
O4 - HKCU\..\Run: [Toa] C:\WINDOWS\Hsv.exe
O4 - HKCU\..\Run: [Srv] C:\WINDOWS\Rcd.exe
O4 - HKCU\..\Run: [Sgv] C:\WINDOWS\System32\Hcu.exe
O4 - HKCU\..\Run: [Nee] C:\WINDOWS\Fma.exe
O4 - HKCU\..\Run: [Udt] C:\WINDOWS\Bgr.exe
O4 - HKCU\..\Run: [Kok] C:\WINDOWS\System32\Kbn.exe
O4 - HKCU\..\Run: [Cgo] C:\WINDOWS\System32\Vue.exe
O4 - HKCU\..\Run: [Gfg] C:\WINDOWS\System32\Ufu.exe
O4 - HKCU\..\Run: [Igr] C:\WINDOWS\System32\Stl.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: winupdate66259635[1].exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra button: Liquid Internet - {4BA7AAA4-1F2F-436e-A877-8B0FB2418D33} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Liquid Internet - {4BA7AAA4-1F2F-436e-A877-8B0FB2418D33} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: MistyAndSamsCash - {FBFD8C12-7530-4f0b-8E0A-8EEB4A3D503F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MistyAndSamsCash - {FBFD8C12-7530-4f0b-8E0A-8EEB4A3D503F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {101DAAA9-F8AB-444F-9638-BCCCEC7B12AB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {101DAAA9-F8AB-444F-9638-BCCCEC7B12AB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {17036DF0-7045-4948-9A0C-B24141BCBEB7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {17036DF0-7045-4948-9A0C-B24141BCBEB7} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {387D5DCD-225C-426A-A338-49104A048C82} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {387D5DCD-225C-426A-A338-49104A048C82} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {43CF4C1E-4CEA-4706-93E8-FF5F7552D16D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {43CF4C1E-4CEA-4706-93E8-FF5F7552D16D} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1108761923671
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab27571.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59F34224-5EDD-415E-87F3-39FFA5D0BA66}: NameServer = 205.188.146.145
O20 - Winlogon Notify: drct16 - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINDOWS\system32\ntzq32.exe (file missing)
#5
April 17th, 2005, 02:32 PM
tetonbob
Hi SAT -

It is important to include the entire log....in your copy and paste be sure to include the header portion also...this gives us valuable info as to the version number of HJT, time/date of scan, your OS and what level of Windows Updates and IE Updates your system has.

Please post this information while I'm working on the fix for your infection.
#6
April 17th, 2005, 03:11 PM
SAT
I couldn't fit the entire log in one post. Here is the header:

Logfile of HijackThis v1.99.1
Scan saved at 15:10:17, on 17/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
#7
April 17th, 2005, 04:03 PM
tetonbob
This is a tough one. We'll get to the 3-letter exes on the next run.

Download Hoster http://members.aol.com/toadbee/hoster.zip
Download and install CleanUp http://cleanup.stevengould.org/

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab and make sure that 'Show hidden files and folders' is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

Download AboutBuster http://downloads.planetmirror.com/pu...boutbuster.zip and unzip it to a folder on your Desktop. Run AboutBuster and click OK. Click Update and then Check For Update to see if there are any updates. Close the program now.

Go to Start->Run and type in services.msc and hit OK. Then look for Network Security Service (NSS) and double click on it. Click on the Stop button and under Startup type, choose Disabled.

Reboot into Safe Mode (hit the F8 key until the menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be, but make sure):

C:\WINDOWS\system32\mfcju.exe
C:\WINDOWS\system32\appnz.exe
C:\windows\system32\swcroot.exe
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\Ebo.exe
Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Spyware Begone/freescan<<<<it's rogueware (or known to be rogueware in the past) and we highly recommend that you uninstall it. Rogue/Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection.
MessengerPlus3<<<<Bundles the hard to remove C2Media LOP
Instant Buzz
Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=lili111
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=lili111
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0AF23546-627B-E7D6-AEB6-CBB4FC91EBE4} - C:\WINDOWS\system32\ntvx32.dll (file missing)
O2 - BHO: (no name) - {24EC266E-58F6-C76B-ECDF-18E86769E35F} - C:\WINDOWS\sysod32.dll (file missing)
O2 - BHO: (no name) - {2CE711D5-3677-6478-9DBE-8A8DEE743E69} - C:\WINDOWS\system32\d3jm32.dll (file missing)
O2 - BHO: (no name) - {3538678A-BDB3-602E-C7FF-6CAB5FA168EC} - C:\WINDOWS\system32\netrk32.dll (file missing)
O2 - BHO: (no name) - {3BAEACBD-6D25-4282-0896-4FA149FAF324} - C:\WINDOWS\msuj32.dll (file missing)
O2 - BHO: (no name) - {457FC705-1005-04F4-EDA9-964939906284} - C:\WINDOWS\system32\ntrw32.dll (file missing)
O2 - BHO: (no name) - {4A6D173C-FEB5-A78F-B935-68286B007E44} - C:\WINDOWS\system32\winmz32.dll (file missing)
O2 - BHO: (no name) - {5367AF43-53A3-260E-9D79-0CDB4035A008} - C:\WINDOWS\system32\sdkdg32.dll (file missing)
O2 - BHO: (no name) - {6F78A8DF-CCFD-8F45-6673-865E1F2FB01D} - C:\WINDOWS\atlxj.dll (file missing)
O2 - BHO: (no name) - {713BB4D3-0B7C-1D3D-8240-26C661FA80FC} - C:\WINDOWS\ipnx32.dll (file missing)
O2 - BHO: (no name) - {736B2606-0CE4-B4AB-BA2F-72E515DE240F} - C:\WINDOWS\atlzw.dll (file missing)
O2 - BHO: (no name) - {7E72EF25-4095-D844-4224-B322BFBF6B06} - C:\WINDOWS\system32\javanq.dll (file missing)
O2 - BHO: (no name) - {95E91DD0-550D-630E-CCFD-E929FF768505} - C:\WINDOWS\system32\netve32.dll (file missing)
O2 - BHO: (no name) - {A3DEAD28-EE65-AB87-0D4A-5AA324BCB9A7} - C:\WINDOWS\mfcwz.dll (file missing)
O2 - BHO: (no name) - {B9DB1D1D-24EF-8B33-2149-F69C3F37D817} - C:\WINDOWS\system32\winpc32.dll (file missing)
O2 - BHO: (no name) - {CFB9CE71-CDC7-9E68-F759-092DB4EFCA15} - C:\WINDOWS\system32\mfcwt32.dll (file missing)
O2 - BHO: (no name) - {DD35522C-E086-2B5A-7652-36886F75C9C3} - C:\WINDOWS\winab32.dll (file missing)
O2 - BHO: (no name) - {E2A94F9F-7AED-6BE3-46D5-174F791F1A84} - C:\WINDOWS\addah32.dll (file missing)
O2 - BHO: (no name) - {EE97177B-4907-8370-869F-6F75B86D03A0} - C:\WINDOWS\system32\sysyb.dll (file missing)
O4 - HKLM\..\Run: [appnz.exe] C:\WINDOWS\system32\appnz.exe
O4 - HKLM\..\Run: [Software] C:\WINDOWS\System32\Software\software.exe
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\Run: [swcroot] c:\windows\system32\swcroot.exe
O4 - HKLM\..\Run: [BINDCOALFLAPHIDE] C:\Documents and Settings\All Users\Application Data\Manager hold bind coal\JugsCool.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\RunOnce: [mfcju.exe] C:\WINDOWS\system32\mfcju.exe
O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\system32\deinst_qfe002.exe
O4 - HKCU\..\Run: [CHIN CAMP] C:\DOCUME~1\STEPHE~1\APPLIC~1\FLAWMP~1\Owns Beep.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - HKCU\..\Run: [CityTrader.exe] C:\DOWNLO~1\CITYTR~1.EXE /r
O4 - Startup: winupdate66259635[1].exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MistyAndSamsCash - {FBFD8C12-7530-4f0b-8E0A-8EEB4A3D503F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MistyAndSamsCash - {FBFD8C12-7530-4f0b-8E0A-8EEB4A3D503F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {101DAAA9-F8AB-444F-9638-BCCCEC7B12AB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {101DAAA9-F8AB-444F-9638-BCCCEC7B12AB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {17036DF0-7045-4948-9A0C-B24141BCBEB7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {17036DF0-7045-4948-9A0C-B24141BCBEB7} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {387D5DCD-225C-426A-A338-49104A048C82} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {387D5DCD-225C-426A-A338-49104A048C82} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {43CF4C1E-4CEA-4706-93E8-FF5F7552D16D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {43CF4C1E-4CEA-4706-93E8-FF5F7552D16D} - (no file) (HKCU)
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O20 - Winlogon Notify: drct16 - C:\WINDOWS\
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINDOWS\system32\ntzq32.exe (file missing)
Run AboutBuster and click OK. Click Start->OK and then follow the rest of the prompts to scan (choose Yes/OK for all). It will ask you if you want a second scan, choose Yes. Save the log file and post it here.

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\system32\mfcju.exe
C:\WINDOWS\system32\appnz.exe
C:\windows\system32\swcroot.exe
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\Ebo.exe
C:\WINDOWS\ctpzd.dll
C:\WINDOWS\System32\Software\software.exe
C:\Program Files\Instant Buzz
C:\Documents and Settings\All Users\Application Data\Manager hold bind coal
C:\WINDOWS\system32\deinst_qfe002.exe
C:\DOCUME~1\STEPHE~1\APPLIC~1\FLAWMP~1
c:\freescan
C:\DOWNLO~1\CITYTR~1.EXE
C:\WINDOWS\system32\ntzq32.exe

Open the Hoster file and run the program to restore your hosts file.

Run the CleanUp utility ...Reboot. Once back in normal Windows, post another HijackThis log.
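The checks the helper applies in the post above (random three-letter executables dropped into the Windows and System32 directories, Run values with no path, O15 trusted-zone additions, res:// search hijacks, BHOs and services whose file is missing, and a Winlogon Notify entry pointing at a directory rather than a DLL) can be written down as a small rule-based triage script. This is an added example, not code from the thread or from HijackThis; the sample log lines are constructed in the HijackThis 1.99 format shown above and the rule names are my own.

```python
"""Rule-based triage of a HijackThis 1.99 log, encoding the checks a helper
applies by hand: random three-letter executables in the Windows or System32
directories, Run values with no path, O15 trusted-zone additions, res://
search hijacks, BHOs/services with a missing file, and Winlogon Notify
entries that do not point at a DLL. Added example, not thread code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Finding:
    line: str    # the log line that triggered the rule
    reason: str  # short rule name, used for the summary counts


# Constructed sample lines in HijackThis 1.99 format, modelled on the log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ctpzd.dll/sp.html#22776
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {0AF23546-627B-E7D6-AEB6-CBB4FC91EBE4} - C:\WINDOWS\system32\ntvx32.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Eks] C:\WINDOWS\Ebo.exe
O4 - HKCU\..\Run: [Ubi] C:\WINDOWS\System32\Qms.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O20 - Winlogon Notify: drct16 - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINDOWS\system32\ntzq32.exe (file missing)
"""

RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
WINLOGON_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>.*)$")
RES_HIJACK_RE = re.compile(r"^R[013] - .* = res://", re.IGNORECASE)
IP_WILDCARD_RE = re.compile(r"\*\.\d+\.\d+\.\d+\.\d+")
THREE_LETTER_RE = re.compile(r"^[A-Za-z]{3}$")
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32")


def _exe_path(cmd: str) -> str:
    """Pull the executable path out of a Run value (quoted form, or text up to .exe)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def check_run_entry(line: str) -> Optional[Finding]:
    """O4 rules: bare filename, or a three-letter name running a three-letter exe."""
    m = RUN_RE.match(line)
    if not m:
        return None
    directory, _, filename = _exe_path(m.group("cmd")).rpartition("\\")
    if not directory:
        # e.g. "[Shell] open32.exe": resolved via the search path, not a fixed location
        return Finding(line, "run-value-without-path")
    stem = filename[:-4] if filename.lower().endswith(".exe") else filename
    if (directory.lower() in SYSTEM_DIRS and THREE_LETTER_RE.match(stem)
            and THREE_LETTER_RE.match(m.group("name"))):
        return Finding(line, "random-three-letter-exe")
    return None


def check_line(line: str) -> Optional[Finding]:
    """Apply the rule that matches the line's HijackThis section prefix."""
    line = line.rstrip()
    if line.startswith("O4 - "):
        return check_run_entry(line)
    if line.startswith("O15 - "):
        # Every trusted-zone entry gets a review; a wildcard over an IP is the worst case.
        if IP_WILDCARD_RE.search(line):
            return Finding(line, "trusted-zone-ip-wildcard")
        return Finding(line, "trusted-zone-entry")
    if line.startswith("O2 - ") and "(file missing)" in line:
        return Finding(line, "bho-file-missing")
    if line.startswith("O20 - "):
        m = WINLOGON_RE.match(line)
        if m and not m.group("path").lower().endswith(".dll"):
            return Finding(line, "winlogon-notify-not-a-dll")
        return None
    if line.startswith("O23 - ") and "Unknown owner" in line and "(file missing)" in line:
        return Finding(line, "service-unknown-owner-missing-file")
    if RES_HIJACK_RE.match(line):
        return Finding(line, "res-search-hijack")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of a log through check_line and keep the hits."""
    return [f for f in (check_line(ln) for ln in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule name."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.reason:36} {f.line}")
    print(summarize(hits))
```

On the constructed sample, the three legitimate lines (igfxtray, the NAV Helper BHO and the igfxcui Winlogon DLL) pass and the other ten are flagged; on a real log the flagged lines are a review list, not an automatic fix list.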
#8
April 17th, 2005, 04:16 PM
SAT
Thanks for the advice. But I can't download http://members.aol.com/toadbee/hoster.zip; an error message keeps showing up saying Internet Explorer Cannot Download It.
#9
April 17th, 2005, 04:20 PM
tetonbob
Sorry, wrong prog....look below.

Last edited by tetonbob; April 17th, 2005 at 04:58 PM. Reason: wrong link
#10
April 17th, 2005, 04:24 PM
tetonbob
Sorry, SAT....you need Hoster:

http://www.greyknight17.com/spy/Hoster.exe

Last edited by tetonbob; April 17th, 2005 at 04:59 PM.
#11
April 17th, 2005, 06:48 PM
SAT
Here is the HijackThis log after the steps you said to take.

Logfile of HijackThis v1.99.1
Scan saved at 18:47:11, on 17/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mfcju.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Ebo.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\WINDOWS\system32\appnz.exe
C:\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Eks] C:\WINDOWS\Ebo.exe
O4 - HKLM\..\Run: [Ubi] C:\WINDOWS\System32\Qms.exe
O4 - HKLM\..\Run: [Jhs] C:\WINDOWS\System32\Mdr.exe
O4 - HKLM\..\Run: [Kno] C:\WINDOWS\System32\Jvv.exe
O4 - HKLM\..\Run: [Ach] C:\WINDOWS\Tjs.exe
O4 - HKLM\..\Run: [Iln] C:\WINDOWS\System32\Qcm.exe
O4 - HKLM\..\Run: [Gdg] C:\WINDOWS\System32\Vka.exe
O4 - HKLM\..\Run: [Egr] C:\WINDOWS\Bik.exe
O4 - HKLM\..\Run: [Voh] C:\WINDOWS\Rfc.exe
O4 - HKLM\..\Run: [Oqc] C:\WINDOWS\Bei.exe
O4 - HKLM\..\Run: [Eda] C:\WINDOWS\Ikk.exe
O4 - HKLM\..\Run: [Jdg] C:\WINDOWS\System32\Cdr.exe
O4 - HKLM\..\Run: [Ibu] C:\WINDOWS\System32\Pkg.exe
O4 - HKLM\..\Run: [Dmm] C:\WINDOWS\Lvr.exe
O4 - HKLM\..\Run: [Gfh] C:\WINDOWS\System32\Rdn.exe
O4 - HKLM\..\Run: [Qir] C:\WINDOWS\Lai.exe
O4 - HKLM\..\Run: [Nui] C:\WINDOWS\Dif.exe
O4 - HKLM\..\Run: [Vso] C:\WINDOWS\System32\Nvs.exe
O4 - HKLM\..\Run: [Nao] C:\WINDOWS\Mjl.exe
O4 - HKLM\..\Run: [Gif] C:\WINDOWS\System32\Dul.exe
O4 - HKLM\..\Run: [Hnk] C:\WINDOWS\System32\Csm.exe
O4 - HKLM\..\Run: [Kvu] C:\WINDOWS\Vce.exe
O4 - HKLM\..\Run: [Das] C:\WINDOWS\System32\Pbm.exe
O4 - HKLM\..\Run: [Rkn] C:\WINDOWS\Vpp.exe
O4 - HKLM\..\Run: [Mpf] C:\WINDOWS\Amg.exe
O4 - HKLM\..\Run: [Lrj] C:\WINDOWS\System32\Rod.exe
O4 - HKLM\..\Run: [Jfg] C:\WINDOWS\System32\Gom.exe
O4 - HKLM\..\Run: [Kkg] C:\WINDOWS\Qon.exe
O4 - HKLM\..\Run: [Nks] C:\WINDOWS\System32\Eas.exe
O4 - HKLM\..\Run: [Vvr] C:\WINDOWS\Pre.exe
#12
April 17th, 2005, 06:49 PM
SAT
O4 - HKLM\..\Run: [Rsr] C:\WINDOWS\Hvk.exe
O4 - HKLM\..\Run: [Qij] C:\WINDOWS\System32\Lan.exe
O4 - HKLM\..\Run: [Nsn] C:\WINDOWS\System32\Smp.exe
O4 - HKLM\..\Run: [Fvg] C:\WINDOWS\System32\Qgt.exe
O4 - HKLM\..\Run: [Cip] C:\WINDOWS\System32\Tdo.exe
O4 - HKLM\..\Run: [Clc] C:\WINDOWS\System32\Tiq.exe
O4 - HKLM\..\Run: [Hqu] C:\WINDOWS\Bfe.exe
O4 - HKLM\..\Run: [Uok] C:\WINDOWS\System32\Ggg.exe
O4 - HKLM\..\Run: [Qjg] C:\WINDOWS\Vmj.exe
O4 - HKLM\..\Run: [Fcp] C:\WINDOWS\Lmh.exe
O4 - HKLM\..\Run: [Tgn] C:\WINDOWS\System32\Ldt.exe
O4 - HKLM\..\Run: [Vpc] C:\WINDOWS\System32\Pph.exe
O4 - HKLM\..\Run: [Vcl] C:\WINDOWS\Njp.exe
O4 - HKLM\..\Run: [Dor] C:\WINDOWS\System32\Fbr.exe
O4 - HKLM\..\Run: [Tph] C:\WINDOWS\Uul.exe
O4 - HKLM\..\Run: [Jjf] C:\WINDOWS\Mgi.exe
O4 - HKLM\..\Run: [Kbf] C:\WINDOWS\Hco.exe
O4 - HKLM\..\Run: [Psm] C:\WINDOWS\System32\Dvl.exe
O4 - HKLM\..\Run: [Dlh] C:\WINDOWS\System32\Gic.exe
O4 - HKLM\..\Run: [Jcj] C:\WINDOWS\Gjh.exe
O4 - HKLM\..\Run: [Rtp] C:\WINDOWS\System32\Cum.exe
O4 - HKLM\..\Run: [Qbg] C:\WINDOWS\System32\Beb.exe
O4 - HKLM\..\Run: [Oah] C:\WINDOWS\Bmh.exe
O4 - HKLM\..\Run: [Qju] C:\WINDOWS\Drc.exe
O4 - HKLM\..\Run: [Kja] C:\WINDOWS\Fjo.exe
O4 - HKLM\..\Run: [Brj] C:\WINDOWS\System32\Ccr.exe
O4 - HKLM\..\Run: [Nbs] C:\WINDOWS\Oel.exe
O4 - HKLM\..\Run: [Dmp] C:\WINDOWS\Skt.exe
O4 - HKLM\..\Run: [Skf] C:\WINDOWS\Sbq.exe
O4 - HKLM\..\Run: [Ipr] C:\WINDOWS\System32\Mht.exe
O4 - HKLM\..\Run: [Lad] C:\WINDOWS\System32\Oru.exe
O4 - HKLM\..\Run: [Vqj] C:\WINDOWS\Gao.exe
O4 - HKLM\..\Run: [Bsv] C:\WINDOWS\Joq.exe
O4 - HKLM\..\Run: [Tfn] C:\WINDOWS\System32\Lqd.exe
O4 - HKLM\..\Run: [Hhl] C:\WINDOWS\System32\Odu.exe
O4 - HKLM\..\Run: [Glb] C:\WINDOWS\Shc.exe
O4 - HKLM\..\Run: [Bio] C:\WINDOWS\Jjs.exe
O4 - HKLM\..\Run: [Men] C:\WINDOWS\System32\Leo.exe
O4 - HKLM\..\Run: [Erk] C:\WINDOWS\Joj.exe
O4 - HKLM\..\Run: [Cph] C:\WINDOWS\System32\Ojh.exe
O4 - HKLM\..\Run: [Asb] C:\WINDOWS\Agl.exe
O4 - HKLM\..\Run: [Bln] C:\WINDOWS\System32\Mnd.exe
O4 - HKLM\..\Run: [Ghn] C:\WINDOWS\Hol.exe
O4 - HKLM\..\Run: [Hvm] C:\WINDOWS\Kfh.exe
O4 - HKLM\..\Run: [Trk] C:\WINDOWS\Dmr.exe
O4 - HKLM\..\Run: [Iog] C:\WINDOWS\System32\Cnt.exe
O4 - HKLM\..\Run: [Dcs] C:\WINDOWS\Vvr.exe
O4 - HKLM\..\Run: [Rle] C:\WINDOWS\Dat.exe
O4 - HKLM\..\Run: [Bhf] C:\WINDOWS\System32\Bua.exe
O4 - HKLM\..\Run: [Brm] C:\WINDOWS\System32\Jbq.exe
O4 - HKLM\..\Run: [Rgu] C:\WINDOWS\System32\Lbg.exe
O4 - HKLM\..\Run: [Kca] C:\WINDOWS\Ffm.exe
O4 - HKLM\..\Run: [Phv] C:\WINDOWS\System32\Aah.exe
O4 - HKLM\..\Run: [Gqq] C:\WINDOWS\Iou.exe
O4 - HKLM\..\Run: [Qaf] C:\WINDOWS\Qhd.exe
O4 - HKLM\..\Run: [Mvu] C:\WINDOWS\Iuu.exe
O4 - HKLM\..\Run: [Vpq] C:\WINDOWS\System32\Vms.exe
O4 - HKLM\..\Run: [Bsm] C:\WINDOWS\System32\Dic.exe
O4 - HKLM\..\Run: [Jsu] C:\WINDOWS\System32\Qro.exe
O4 - HKLM\..\Run: [Roi] C:\WINDOWS\Ptb.exe
O4 - HKLM\..\Run: [Mtq] C:\WINDOWS\System32\Sot.exe
O4 - HKLM\..\Run: [Mla] C:\WINDOWS\Clt.exe
O4 - HKLM\..\Run: [Ncu] C:\WINDOWS\Vsu.exe
O4 - HKLM\..\Run: [Doq] C:\WINDOWS\System32\Jvu.exe
O4 - HKLM\..\Run: [Psv] C:\WINDOWS\System32\Gpg.exe
O4 - HKLM\..\Run: [Neq] C:\WINDOWS\System32\Ehh.exe
O4 - HKLM\..\Run: [Uqc] C:\WINDOWS\Gih.exe
O4 - HKLM\..\Run: [Rjv] C:\WINDOWS\Kjk.exe
O4 - HKLM\..\Run: [Isv] C:\WINDOWS\Ltl.exe
O4 - HKLM\..\Run: [Hcn] C:\WINDOWS\System32\Rul.exe
O4 - HKLM\..\Run: [Cqs] C:\WINDOWS\System32\Kvu.exe
O4 - HKLM\..\Run: [Sep] C:\WINDOWS\Hgh.exe
O4 - HKLM\..\Run: [Qid] C:\WINDOWS\System32\Arm.exe
O4 - HKLM\..\Run: [Nkm] C:\WINDOWS\System32\Pgu.exe
O4 - HKLM\..\Run: [Iij] C:\WINDOWS\System32\Mak.exe
O4 - HKLM\..\Run: [Ano] C:\WINDOWS\Esp.exe
O4 - HKLM\..\Run: [Veq] C:\WINDOWS\Tvf.exe
O4 - HKLM\..\Run: [Kli] C:\WINDOWS\Jif.exe
O4 - HKLM\..\Run: [Cji] C:\WINDOWS\System32\Upt.exe
O4 - HKLM\..\Run: [Pjv] C:\WINDOWS\System32\Rkq.exe
O4 - HKLM\..\Run: [Fon] C:\WINDOWS\Bqk.exe
O4 - HKLM\..\Run: [Kjr] C:\WINDOWS\System32\Pvo.exe
O4 - HKLM\..\Run: [Gdd] C:\WINDOWS\Cpv.exe
O4 - HKLM\..\Run: [Lbq] C:\WINDOWS\System32\Tss.exe
O4 - HKLM\..\Run: [Aii] C:\WINDOWS\Plc.exe
O4 - HKLM\..\Run: [Ecm] C:\WINDOWS\Uuj.exe
O4 - HKLM\..\Run: [Cch] C:\WINDOWS\Kps.exe
O4 - HKLM\..\Run: [Scb] C:\WINDOWS\System32\Tfd.exe
O4 - HKLM\..\Run: [Grg] C:\WINDOWS\System32\Igk.exe
O4 - HKLM\..\Run: [Blj] C:\WINDOWS\Ebp.exe
O4 - HKLM\..\Run: [Pbi] C:\WINDOWS\Jlp.exe
O4 - HKLM\..\Run: [Lbl] C:\WINDOWS\She.exe
O4 - HKLM\..\Run: [Kof] C:\WINDOWS\System32\Kod.exe
O4 - HKLM\..\Run: [Dee] C:\WINDOWS\System32\For.exe
O4 - HKLM\..\Run: [Mth] C:\WINDOWS\Lli.exe
O4 - HKLM\..\Run: [Qaj] C:\WINDOWS\System32\Dts.exe
O4 - HKLM\..\Run: [Gqa] C:\WINDOWS\Mic.exe
O4 - HKLM\..\Run: [Avp] C:\WINDOWS\System32\Oko.exe
O4 - HKLM\..\Run: [Tnq] C:\WINDOWS\System32\Joo.exe
O4 - HKLM\..\Run: [Iri] C:\WINDOWS\Ssc.exe
O4 - HKLM\..\Run: [Sqr] C:\WINDOWS\Mjr.exe
O4 - HKLM\..\Run: [Sph] C:\WINDOWS\System32\Kbp.exe
O4 - HKLM\..\Run: [Qht] C:\WINDOWS\System32\Tfk.exe
O4 - HKLM\..\Run: [Rvd] C:\WINDOWS\Fqt.exe
O4 - HKLM\..\Run: [Qmj] C:\WINDOWS\Pcc.exe
O4 - HKLM\..\Run: [Dvs] C:\WINDOWS\Fql.exe
O4 - HKLM\..\Run: [Bcr] C:\WINDOWS\System32\Qkb.exe
O4 - HKLM\..\Run: [Pem] C:\WINDOWS\System32\Qag.exe
O4 - HKLM\..\Run: [For] C:\WINDOWS\Cap.exe
O4 - HKLM\..\Run: [Hgt] C:\WINDOWS\Pad.exe
O4 - HKLM\..\Run: [Gqb] C:\WINDOWS\Sgr.exe
O4 - HKLM\..\Run: [Dkc] C:\WINDOWS\Btk.exe
O4 - HKLM\..\Run: [Gsv] C:\WINDOWS\Vua.exe
O4 - HKLM\..\Run: [Paa] C:\WINDOWS\System32\Dro.exe
O4 - HKLM\..\Run: [Nhn] C:\WINDOWS\System32\Guh.exe
O4 - HKLM\..\Run: [Sfl] C:\WINDOWS\Iav.exe
O4 - HKLM\..\Run: [Nrf] C:\WINDOWS\Rdi.exe
O4 - HKLM\..\Run: [Pcj] C:\WINDOWS\Rel.exe
O4 - HKLM\..\Run: [Qjd] C:\WINDOWS\Gip.exe
O4 - HKLM\..\Run: [Snd] C:\WINDOWS\System32\Rud.exe
O4 - HKLM\..\Run: [Iaa] C:\WINDOWS\System32\Viq.exe
O4 - HKLM\..\Run: [Mpn] C:\WINDOWS\System32\Evv.exe
O4 - HKLM\..\Run: [Vmg] C:\WINDOWS\Kum.exe
O4 - HKLM\..\Run: [Hps] C:\WINDOWS\System32\Bro.exe
O4 - HKLM\..\Run: [Mfq] C:\WINDOWS\System32\Spf.exe
O4 - HKLM\..\Run: [Pur] C:\WINDOWS\System32\Nus.exe
O4 - HKLM\..\Run: [Fan] C:\WINDOWS\System32\Cai.exe
O4 - HKLM\..\Run: [Hrc] C:\WINDOWS\System32\Iuf.exe
O4 - HKLM\..\Run: [Afo] C:\WINDOWS\System32\Uda.exe
O4 - HKLM\..\Run: [Orp] C:\WINDOWS\Qfp.exe
O4 - HKLM\..\Run: [Gpq] C:\WINDOWS\System32\Ibi.exe
O4 - HKLM\..\Run: [Ltd] C:\WINDOWS\Hfs.exe
O4 - HKLM\..\Run: [Iva] C:\WINDOWS\Mdk.exe
O4 - HKLM\..\Run: [Eri] C:\WINDOWS\Blt.exe
O4 - HKLM\..\Run: [Nvr] C:\WINDOWS\System32\Utr.exe
O4 - HKLM\..\Run: [Evo] C:\WINDOWS\Akl.exe
O4 - HKLM\..\Run: [Toa] C:\WINDOWS\Hsv.exe
O4 - HKLM\..\Run: [Srv] C:\WINDOWS\Rcd.exe
O4 - HKLM\..\Run: [Sgv] C:\WINDOWS\System32\Hcu.exe
O4 - HKLM\..\Run: [Nee] C:\WINDOWS\Fma.exe
O4 - HKLM\..\Run: [Udt] C:\WINDOWS\Bgr.exe
O4 - HKLM\..\Run: [Kok] C:\WINDOWS\System32\Kbn.exe
O4 - HKLM\..\Run: [Cgo] C:\WINDOWS\System32\Vue.exe
O4 - HKLM\..\Run: [Gfg] C:\WINDOWS\System32\Ufu.exe
O4 - HKLM\..\Run: [Igr] C:\WINDOWS\System32\Stl.exe
O4 - HKLM\..\Run: [Djh] C:\WINDOWS\System32\Eqh.exe
O4 - HKLM\..\Run: [Qlf] C:\WINDOWS\Dvn.exe
O4 - HKLM\..\Run: [Mpo] C:\WINDOWS\System32\Ikk.exe
O4 - HKLM\..\Run: [Isf] C:\WINDOWS\Fva.exe
O4 - HKLM\..\Run: [Djk] C:\WINDOWS\System32\Hal.exe
O4 - HKLM\..\Run: [Kmm] C:\WINDOWS\Dmm.exe
O4 - HKLM\..\Run: [Cng] C:\WINDOWS\Rnr.exe
O4 - HKLM\..\Run: [Odc] C:\WINDOWS\System32\Heb.exe
O4 - HKLM\..\Run: [Meo] C:\WINDOWS\System32\Otu.exe
O4 - HKLM\..\Run: [Nrk] C:\WINDOWS\Ukd.exe
O4 - HKLM\..\Run: [Tkb] C:\WINDOWS\Svu.exe
O4 - HKLM\..\Run: [Doj] C:\WINDOWS\Kig.exe
O4 - HKLM\..\Run: [Ojg] C:\WINDOWS\System32\Jhn.exe
O4 - HKLM\..\Run: [Oeb] C:\WINDOWS\Jbh.exe
O4 - HKLM\..\Run: [Rqv] C:\WINDOWS\Alu.exe
O4 - HKLM\..\Run: [Oqo] C:\WINDOWS\System32\Ajf.exe
O4 - HKLM\..\Run: [Fkn] C:\WINDOWS\Kfk.exe
O4 - HKLM\..\Run: [Orj] C:\WINDOWS\Qhf.exe
O4 - HKLM\..\Run: [Agn] C:\WINDOWS\Qnd.exe
O4 - HKLM\..\Run: [Jhl] C:\WINDOWS\Arn.exe
O4 - HKLM\..\Run: [Rqd] C:\WINDOWS\System32\Btn.exe
O4 - HKLM\..\Run: [appnz.exe] C:\WINDOWS\system32\appnz.exe
O4 - HKLM\..\RunOnce: [mfcju.exe] C:\WINDOWS\system32\mfcju.exe
O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\system32\deinst_qfe002.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Eks] C:\WINDOWS\Ebo.exe
O4 - HKCU\..\Run: [Ubi] C:\WINDOWS\System32\Qms.exe
O4 - HKCU\..\Run: [Jhs] C:\WINDOWS\System32\Mdr.exe
O4 - HKCU\..\Run: [Kno] C:\WINDOWS\System32\Jvv.exe
O4 - HKCU\..\Run: [Ach] C:\WINDOWS\Tjs.exe
O4 - HKCU\..\Run: [Iln] C:\WINDOWS\System32\Qcm.exe
O4 - HKCU\..\Run: [Gdg] C:\WINDOWS\System32\Vka.exe
O4 - HKCU\..\Run: [Egr] C:\WINDOWS\Bik.exe
O4 - HKCU\..\Run: [Voh] C:\WINDOWS\Rfc.exe
O4 - HKCU\..\Run: [Oqc] C:\WINDOWS\Bei.exe
O4 - HKCU\..\Run: [Eda] C:\WINDOWS\Ikk.exe
O4 - HKCU\..\Run: [Jdg] C:\WINDOWS\System32\Cdr.exe
O4 - HKCU\..\Run: [Ibu] C:\WINDOWS\System32\Pkg.exe
O4 - HKCU\..\Run: [Dmm] C:\WINDOWS\Lvr.exe
O4 - HKCU\..\Run: [Gfh] C:\WINDOWS\System32\Rdn.exe
O4 - HKCU\..\Run: [Qir] C:\WINDOWS\Lai.exe
O4 - HKCU\..\Run: [Nui] C:\WINDOWS\Dif.exe
O4 - HKCU\..\Run: [Vso] C:\WINDOWS\System32\Nvs.exe
O4 - HKCU\..\Run: [Nao] C:\WINDOWS\Mjl.exe
O4 - HKCU\..\Run: [Gif] C:\WINDOWS\System32\Dul.exe
O4 - HKCU\..\Run: [Hnk] C:\WINDOWS\System32\Csm.exe
O4 - HKCU\..\Run: [Kvu] C:\WINDOWS\Vce.exe
O4 - HKCU\..\Run: [Das] C:\WINDOWS\System32\Pbm.exe
O4 - HKCU\..\Run: [Rkn] C:\WINDOWS\Vpp.exe
O4 - HKCU\..\Run: [Mpf] C:\WINDOWS\Amg.exe
O4 - HKCU\..\Run: [Lrj] C:\WINDOWS\System32\Rod.exe
O4 - HKCU\..\Run: [Jfg] C:\WINDOWS\System32\Gom.exe
O4 - HKCU\..\Run: [Kkg] C:\WINDOWS\Qon.exe
O4 - HKCU\..\Run: [Nks] C:\WINDOWS\System32\Eas.exe
O4 - HKCU\..\Run: [Vvr] C:\WINDOWS\Pre.exe
O4 - HKCU\..\Run: [Rsr] C:\WINDOWS\Hvk.exe
O4 - HKCU\..\Run: [Qij] C:\WINDOWS\System32\Lan.exe
O4 - HKCU\..\Run: [Nsn] C:\WINDOWS\System32\Smp.exe
O4 - HKCU\..\Run: [Fvg] C:\WINDOWS\System32\Qgt.exe
O4 - HKCU\..\Run: [Cip] C:\WINDOWS\System32\Tdo.exe
O4 - HKCU\..\Run: [Clc] C:\WINDOWS\System32\Tiq.exe
O4 - HKCU\..\Run: [Hqu] C:\WINDOWS\Bfe.exe
O4 - HKCU\..\Run: [Uok] C:\WINDOWS\System32\Ggg.exe
O4 - HKCU\..\Run: [Qjg] C:\WINDOWS\Vmj.exe
O4 - HKCU\..\Run: [Fcp] C:\WINDOWS\Lmh.exe
O4 - HKCU\..\Run: [Tgn] C:\WINDOWS\System32\Ldt.exe
O4 - HKCU\..\Run: [Vpc] C:\WINDOWS\System32\Pph.exe
O4 - HKCU\..\Run: [Vcl] C:\WINDOWS\Njp.exe
O4 - HKCU\..\Run: [Dor] C:\WINDOWS\System32\Fbr.exe
O4 - HKCU\..\Run: [Tph] C:\WINDOWS\Uul.exe
O4 - HKCU\..\Run: [Jjf] C:\WINDOWS\Mgi.exe
O4 - HKCU\..\Run: [Kbf] C:\WINDOWS\Hco.exe
O4 - HKCU\..\Run: [Psm] C:\WINDOWS\System32\Dvl.exe
O4 - HKCU\..\Run: [Dlh] C:\WINDOWS\System32\Gic.exe
O4 - HKCU\..\Run: [Jcj] C:\WINDOWS\Gjh.exe
O4 - HKCU\..\Run: [Rtp] C:\WINDOWS\System32\Cum.exe
O4 - HKCU\..\Run: [Qbg] C:\WINDOWS\System32\Beb.exe
O4 - HKCU\..\Run: [Oah] C:\WINDOWS\Bmh.exe
O4 - HKCU\..\Run: [Qju] C:\WINDOWS\Drc.exe
O4 - HKCU\..\Run: [Kja] C:\WINDOWS\Fjo.exe
O4 - HKCU\..\Run: [Brj] C:\WINDOWS\System32\Ccr.exe
O4 - HKCU\..\Run: [Nbs] C:\WINDOWS\Oel.exe
O4 - HKCU\..\Run: [Dmp] C:\WINDOWS\Skt.exe
O4 - HKCU\..\Run: [Skf] C:\WINDOWS\Sbq.exe
O4 - HKCU\..\Run: [Ipr] C:\WINDOWS\System32\Mht.exe
O4 - HKCU\..\Run: [Lad] C:\WINDOWS\System32\Oru.exe
O4 - HKCU\..\Run: [Vqj] C:\WINDOWS\Gao.exe
O4 - HKCU\..\Run: [Bsv] C:\WINDOWS\Joq.exe
O4 - HKCU\..\Run: [Tfn] C:\WINDOWS\System32\Lqd.exe
O4 - HKCU\..\Run: [Hhl] C:\WINDOWS\System32\Odu.exe
O4 - HKCU\..\Run: [Glb] C:\WINDOWS\Shc.exe
O4 - HKCU\..\Run: [Bio] C:\WINDOWS\Jjs.exe
O4 - HKCU\..\Run: [Men] C:\WINDOWS\System32\Leo.exe
O4 - HKCU\..\Run: [Erk] C:\WINDOWS\Joj.exe
O4 - HKCU\..\Run: [Cph] C:\WINDOWS\System32\Ojh.exe
O4 - HKCU\..\Run: [Asb] C:\WINDOWS\Agl.exe
O4 - HKCU\..\Run: [Bln] C:\WINDOWS\System32\Mnd.exe
O4 - HKCU\..\Run: [Ghn] C:\WINDOWS\Hol.exe
O4 - HKCU\..\Run: [Hvm] C:\WINDOWS\Kfh.exe
O4 - HKCU\..\Run: [Trk] C:\WINDOWS\Dmr.exe
O4 - HKCU\..\Run: [Iog] C:\WINDOWS\System32\Cnt.exe
O4 - HKCU\..\Run: [Dcs] C:\WINDOWS\Vvr.exe
O4 - HKCU\..\Run: [Rle] C:\WINDOWS\Dat.exe
O4 - HKCU\..\Run: [Bhf] C:\WINDOWS\System32\Bua.exe
O4 - HKCU\..\Run: [Brm] C:\WINDOWS\System32\Jbq.exe
O4 - HKCU\..\Run: [Rgu] C:\WINDOWS\System32\Lbg.exe
O4 - HKCU\..\Run: [Kca] C:\WINDOWS\Ffm.exe
O4 - HKCU\..\Run: [Phv] C:\WINDOWS\System32\Aah.exe
O4 - HKCU\..\Run: [Gqq] C:\WINDOWS\Iou.exe
O4 - HKCU\..\Run: [Qaf] C:\WINDOWS\Qhd.exe
O4 - HKCU\..\Run: [Mvu] C:\WINDOWS\Iuu.exe
O4 - HKCU\..\Run: [Vpq] C:\WINDOWS\System32\Vms.exe
O4 - HKCU\..\Run: [Bsm] C:\WINDOWS\System32\Dic.exe
O4 - HKCU\..\Run: [Jsu] C:\WINDOWS\System32\Qro.exe
O4 - HKCU\..\Run: [Roi] C:\WINDOWS\Ptb.exe
O4 - HKCU\..\Run: [Mtq] C:\WINDOWS\System32\Sot.exe
O4 - HKCU\..\Run: [Mla] C:\WINDOWS\Clt.exe
O4 - HKCU\..\Run: [Ncu] C:\WINDOWS\Vsu.exe
O4 - HKCU\..\Run: [Doq] C:\WINDOWS\System32\Jvu.exe
O4 - HKCU\..\Run: [Psv] C:\WINDOWS\System32\Gpg.exe
O4 - HKCU\..\Run: [Neq] C:\WINDOWS\System32\Ehh.exe
O4 - HKCU\..\Run: [Uqc] C:\WINDOWS\Gih.exe
O4 - HKCU\..\Run: [Rjv] C:\WINDOWS\Kjk.exe
O4 - HKCU\..\Run: [Isv] C:\WINDOWS\Ltl.exe
O4 - HKCU\..\Run: [Hcn] C:\WINDOWS\System32\Rul.exe
O4 - HKCU\..\Run: [Cqs] C:\WINDOWS\System32\Kvu.exe
O4 - HKCU\..\Run: [Sep] C:\WINDOWS\Hgh.exe
O4 - HKCU\..\Run: [Qid] C:\WINDOWS\System32\Arm.exe
O4 - HKCU\..\Run: [Nkm] C:\WINDOWS\System32\Pgu.exe
O4 - HKCU\..\Run: [Iij] C:\WINDOWS\System32\Mak.exe
O4 - HKCU\..\Run: [Ano] C:\WINDOWS\Esp.exe
O4 - HKCU\..\Run: [Veq] C:\WINDOWS\Tvf.exe
O4 - HKCU\..\Run: [Kli] C:\WINDOWS\Jif.exe
O4 - HKCU\..\Run: [Cji] C:\WINDOWS\System32\Upt.exe
O4 - HKCU\..\Run: [Pjv] C:\WINDOWS\System32\Rkq.exe
O4 - HKCU\..\Run: [Fon] C:\WINDOWS\Bqk.exe
O4 - HKCU\..\Run: [Kjr] C:\WINDOWS\System32\Pvo.exe
O4 - HKCU\..\Run: [Gdd] C:\WINDOWS\Cpv.exe
O4 - HKCU\..\Run: [Lbq] C:\WINDOWS\System32\Tss.exe
O4 - HKCU\..\Run: [Aii] C:\WINDOWS\Plc.exe
O4 - HKCU\..\Run: [Ecm] C:\WINDOWS\Uuj.exe
O4 - HKCU\..\Run: [Cch] C:\WINDOWS\Kps.exe
O4 - HKCU\..\Run: [Scb] C:\WINDOWS\System32\Tfd.exe
O4 - HKCU\..\Run: [Grg] C:\WINDOWS\System32\Igk.exe
O4 - HKCU\..\Run: [Blj] C:\WINDOWS\Ebp.exe
O4 - HKCU\..\Run: [Pbi] C:\WINDOWS\Jlp.exe
O4 - HKCU\..\Run: [Lbl] C:\WINDOWS\She.exe
O4 - HKCU\..\Run: [Kof] C:\WINDOWS\System32\Kod.exe
O4 - HKCU\..\Run: [Dee] C:\WINDOWS\System32\For.exe
O4 - HKCU\..\Run: [Mth] C:\WINDOWS\Lli.exe
O4 - HKCU\..\Run: [Qaj] C:\WINDOWS\System32\Dts.exe
O4 - HKCU\..\Run: [Gqa] C:\WINDOWS\Mic.exe
O4 - HKCU\..\Run: [Avp] C:\WINDOWS\System32\Oko.exe
O4 - HKCU\..\Run: [Tnq] C:\WINDOWS\System32\Joo.exe
O4 - HKCU\..\Run: [Iri] C:\WINDOWS\Ssc.exe
O4 - HKCU\..\Run: [Sqr] C:\WINDOWS\Mjr.exe
O4 - HKCU\..\Run: [Sph] C:\WINDOWS\System32\Kbp.exe
O4 - HKCU\..\Run: [Qht] C:\WINDOWS\System32\Tfk.exe
O4 - HKCU\..\Run: [Rvd] C:\WINDOWS\Fqt.exe
O4 - HKCU\..\Run: [Qmj] C:\WINDOWS\Pcc.exe
O4 - HKCU\..\Run: [Dvs] C:\WINDOWS\Fql.exe
O4 - HKCU\..\Run: [Bcr] C:\WINDOWS\System32\Qkb.exe
O4 - HKCU\..\Run: [Pem] C:\WINDOWS\System32\Qag.exe
O4 - HKCU\..\Run: [For] C:\WINDOWS\Cap.exe
O4 - HKCU\..\Run: [Hgt] C:\WINDOWS\Pad.exe
O4 - HKCU\..\Run: [Gqb] C:\WINDOWS\Sgr.exe
O4 - HKCU\..\Run: [Dkc] C:\WINDOWS\Btk.exe
O4 - HKCU\..\Run: [Gsv] C:\WINDOWS\Vua.exe
O4 - HKCU\..\Run: [Paa] C:\WINDOWS\System32\Dro.exe
O4 - HKCU\..\Run: [Nhn] C:\WINDOWS\System32\Guh.exe
O4 - HKCU\..\Run: [Sfl] C:\WINDOWS\Iav.exe
O4 - HKCU\..\Run: [Nrf] C:\WINDOWS\Rdi.exe
O4 - HKCU\..\Run: [Pcj] C:\WINDOWS\Rel.exe
O4 - HKCU\..\Run: [Qjd] C:\WINDOWS\Gip.exe
O4 - HKCU\..\Run: [Snd] C:\WINDOWS\System32\Rud.exe
O4 - HKCU\..\Run: [Iaa] C:\WINDOWS\System32\Viq.exe
O4 - HKCU\..\Run: [Mpn] C:\WINDOWS\System32\Evv.exe
O4 - HKCU\..\Run: [Vmg] C:\WINDOWS\Kum.exe
O4 - HKCU\..\Run: [Hps] C:\WINDOWS\System32\Bro.exe
O4 - HKCU\..\Run: [Mfq] C:\WINDOWS\System32\Spf.exe
O4 - HKCU\..\Run: [Pur] C:\WINDOWS\System32\Nus.exe
O4 - HKCU\..\Run: [Fan] C:\WINDOWS\System32\Cai.exe
O4 - HKCU\..\Run: [Hrc] C:\WINDOWS\System32\Iuf.exe
O4 - HKCU\..\Run: [Afo] C:\WINDOWS\System32\Uda.exe
O4 - HKCU\..\Run: [Orp] C:\WINDOWS\Qfp.exe
O4 - HKCU\..\Run: [Gpq] C:\WINDOWS\System32\Ibi.exe
O4 - HKCU\..\Run: [Ltd] C:\WINDOWS\Hfs.exe
O4 - HKCU\..\Run: [Iva] C:\WINDOWS\Mdk.exe
O4 - HKCU\..\Run: [Eri] C:\WINDOWS\Blt.exe
O4 - HKCU\..\Run: [Nvr] C:\WINDOWS\System32\Utr.exe
O4 - HKCU\..\Run: [Evo] C:\WINDOWS\Akl.exe
O4 - HKCU\..\Run: [Toa] C:\WINDOWS\Hsv.exe
O4 - HKCU\..\Run: [Srv] C:\WINDOWS\Rcd.exe
O4 - HKCU\..\Run: [Sgv] C:\WINDOWS\System32\Hcu.exe
O4 - HKCU\..\Run: [Nee] C:\WINDOWS\Fma.exe
O4 - HKCU\..\Run: [Udt] C:\WINDOWS\Bgr.exe
O4 - HKCU\..\Run: [Kok] C:\WINDOWS\System32\Kbn.exe
O4 - HKCU\..\Run: [Cgo] C:\WINDOWS\System32\Vue.exe
O4 - HKCU\..\Run: [Gfg] C:\WINDOWS\System32\Ufu.exe
O4 - HKCU\..\Run: [Igr] C:\WINDOWS\System32\Stl.exe
O4 - HKCU\..\Run: [Djh] C:\WINDOWS\System32\Eqh.exe
O4 - HKCU\..\Run: [Qlf] C:\WINDOWS\Dvn.exe
O4 - HKCU\..\Run: [Mpo] C:\WINDOWS\System32\Ikk.exe
O4 - HKCU\..\Run: [Isf] C:\WINDOWS\Fva.exe
O4 - HKCU\..\Run: [Djk] C:\WINDOWS\System32\Hal.exe
O4 - HKCU\..\Run: [Kmm] C:\WINDOWS\Dmm.exe
O4 - HKCU\..\Run: [Cng] C:\WINDOWS\Rnr.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [Odc] C:\WINDOWS\System32\Heb.exe
O4 - HKCU\..\Run: [Meo] C:\WINDOWS\System32\Otu.exe
O4 - HKCU\..\Run: [Nrk] C:\WINDOWS\Ukd.exe
O4 - HKCU\..\Run: [Tkb] C:\WINDOWS\Svu.exe
O4 - HKCU\..\Run: [Doj] C:\WINDOWS\Kig.exe
O4 - HKCU\..\Run: [Ojg] C:\WINDOWS\System32\Jhn.exe
O4 - HKCU\..\Run: [Oeb] C:\WINDOWS\Jbh.exe
O4 - HKCU\..\Run: [Rqv] C:\WINDOWS\Alu.exe
O4 - HKCU\..\Run: [Oqo] C:\WINDOWS\System32\Ajf.exe
O4 - HKCU\..\Run: [Fkn] C:\WINDOWS\Kfk.exe
O4 - HKCU\..\Run: [Orj] C:\WINDOWS\Qhf.exe
O4 - HKCU\..\Run: [Agn] C:\WINDOWS\Qnd.exe
O4 - HKCU\..\Run: [Jhl] C:\WINDOWS\Arn.exe
O4 - HKCU\..\Run: [Rqd] C:\WINDOWS\System32\Btn.exe
Reply With Quote
  #13  
Old April 17th, 2005, 06:49 PM
SAT SAT is offline
New Member
 
Join Date: Apr 2005
Posts: 25
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: winupdate66259635[1].exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Liquid Internet - {4BA7AAA4-1F2F-436e-A877-8B0FB2418D33} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Liquid Internet - {4BA7AAA4-1F2F-436e-A877-8B0FB2418D33} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {43CF4C1E-4CEA-4706-93E8-FF5F7552D16D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {43CF4C1E-4CEA-4706-93E8-FF5F7552D16D} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1108761923671
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab27571.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59F34224-5EDD-415E-87F3-39FFA5D0BA66}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINDOWS\system32\ntzq32.exe (file missing)
Reply With Quote
  #14  
Old April 17th, 2005, 07:28 PM
tetonbob tetonbob is offline
Senior Member
 
Join Date: Jul 2004
Location: Brevard, NC
Posts: 705
Make sure System Restore is enabled and make a restore point. This is so that if you make a mistake you can restore the OS. Once you're fixed..we will address the restore folder.

Download Hoster http://www.greyknight17.com/spy/Hoster.exe
Download and install CleanUp http://cleanup.stevengould.org/

Download the attachment I posted here called fixsec.txt. Save it to your desktop. Now rename it to fixsec.reg and save it as type All Files. DO NOT run it yet. This reg file restores the entry keys that this hijacker disables.

Right click on this link http://www.greyknight17.com/spy/DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

Go to Start->Run and type in services.msc and hit OK. Then look for Network Security Service and double click on it. Click on the Stop button and under Startup type, choose Disabled.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers.

Go into HijackThis->Config->Misc. Tools->Delete an NT Service. Copy and paste the following into the box and click on OK:

Network Security Service

Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be, but make sure):
C:\WINDOWS\system32\mfcju.exe
C:\WINDOWS\Ebo.exe
C:\WINDOWS\system32\appnz.exe


Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry). I'm writing this fix this way because of space limitations in my reply.

O4 - HKLM\..\Run: [Eks] C:\WINDOWS\Ebo.exe
O4 - HKLM\..\Run: [Ubi] C:\WINDOWS\System32\Qms.exe
O4 - HKLM\..\Run: [Jhs] C:\WINDOWS\System32\Mdr.exe
......and all the O4 entries with 3 letter .exe files up to....
O4 - HKLM\..\Run: [Rqd] C:\WINDOWS\System32\Btn.exe
O4 - HKLM\..\Run: [appnz.exe] C:\WINDOWS\system32\appnz.exe
O4 - HKLM\..\RunOnce: [mfcju.exe] C:\WINDOWS\system32\mfcju.exe
O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\system32\deinst_qfe002.exe
O4 - HKCU\..\Run: [Eks] C:\WINDOWS\Ebo.exe
O4 - HKCU\..\Run: [Ubi] C:\WINDOWS\System32\Qms.exe
O4 - HKCU\..\Run: [Jhs] C:\WINDOWS\System32\Mdr.exe
.....again, all O4 entries with 3 letter .exe's up to....
O4 - HKCU\..\Run: [Rqd] C:\WINDOWS\System32\Btn.exe
O4 - Startup: winupdate66259635[1].exe
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Liquid Internet - {4BA7AAA4-1F2F-436e-A877-8B0FB2418D33} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Liquid Internet - {4BA7AAA4-1F2F-436e-A877-8B0FB2418D33} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {43CF4C1E-4CEA-4706-93E8-FF5F7552D16D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {43CF4C1E-4CEA-4706-93E8-FF5F7552D16D} - (no file) (HKCU)
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINDOWS\system32\ntzq32.exe (file missing)


Delete ALL those 3-4 letter files above and these files that I listed below.

**Note** This is easier than trying to highlight each of those 3-4 letter filenames. Also the files below MUST be added to the file deletion process.

C:\WINDOWS2\winpos.exe
C:\WINDOWS2\System32\vbsys2.dll
c:\WINDOWS\Aja.html
c:\WINDOWS\Cjr.exe
c:\WINDOWS\desktop.html
c:\WINDOWS\popup.html
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_46.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_48.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_50.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_52.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_54.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_56.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_57.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_58.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_60.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_62.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_64.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_66.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_68.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_70.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_72.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_73.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_74.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_75.xml
c:\WINDOWS\system32\Hcc.exe
c:\WINDOWS\PCHEALT <--folder

FDI.EXE <--locate and delete that one!!
C:\WINDOWS\system32\appnz.exe
C:\WINDOWS\system32\mfcju.exe
C:\WINDOWS\system32\deinst_qfe002.exe
winupdate66259635[1].exe
C:\WINDOWS\system32\ntzq32.exe


Open the hoster file and run the program to restore your hosts file.

Navigate to the C:\Windows\Prefetch folder and delete all files in that folder

Run the CleanUp utility and reboot/logoff when prompted.

Reboot back to normal mode. Now double click that fixsec.reg file we made and merge it into the registry. If it asks you..say YES to merge.

Once that's merged...Reboot the PC.

Now..once you're back to normal Windows..right click on the desktop..select properties...desktop..customize desktop...web..and uncheck anything listed. Now highlight and delete any entry that says security..or anything other than the default "My Current Homepage". Leave that entry be.

Run the CleanUp utility again...Reboot. Once back to normal Windows, post another HijackThis log. If those O4 entries are back...repeat the process before posting, as you missed a file for deletion. You MUST get them all..otherwise this thing reinstalls itself.
Attached Files
File Type: txt fixsec.txt (1.9 KB, 5 views)
Reply With Quote
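A small triage script for the kind of log posted above, as an added example that is not part of this thread, of HijackThis, or of any tool tetonbob links to. It reads HijackThis-style lines, flags the O4 autostart entries that match the "3 letter .exe" pattern tetonbob tells SAT to fix, the O15 Trusted Zone entries that point at bare IP addresses, and the O23 service whose binary is missing, and collects the file paths the removal steps say to delete. The sample lines are constructed from the log in this thread; the regular expressions and the Titlecase three-letter heuristic are the editor's own, not HijackThis's parsing.

```python
"""Triage a HijackThis-style log for the pattern seen in this thread.

Added example, not code from the thread or from HijackThis. The heuristic
encodes tetonbob's instruction "all the O4 entries with 3 letter .exe files".
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt of the log posted in this thread (sample input).
SAMPLE_LOG = r"""
O4 - HKLM\..\RunOnce: [mfcju.exe] C:\WINDOWS\system32\mfcju.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Eks] C:\WINDOWS\Ebo.exe
O4 - HKCU\..\Run: [Ubi] C:\WINDOWS\System32\Qms.exe
O4 - HKCU\..\Run: [For] C:\WINDOWS\Cap.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINDOWS\system32\ntzq32.exe (file missing)
""".strip().splitlines()

# O4 line shape: "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<path>.+)$'
)
# The generated entries share one shape: a Titlecase three-letter value name and a
# Titlecase three-letter .exe dropped directly into C:\WINDOWS or System32.
THREE_LETTER_RE = re.compile(r'^[A-Z][a-z]{2}$')
SHORT_EXE_RE = re.compile(r'^(?i:C:\\WINDOWS\\(?:System32\\)?)(?P<stem>[A-Z][a-z]{2})\.exe$')
O15_RE = re.compile(r'^O15 - Trusted (?:Zone|IP range): (?P<target>\S+)')
IPV4_RE = re.compile(r'\b\d{1,3}(?:\.\d{1,3}){3}\b')
O23_MISSING_RE = re.compile(r'^O23 - Service: .* - (?P<path>.+?) \(file missing\)$')


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O4"
    line: str      # the log line as given
    target: str    # file path, IP or URL the line points at
    reason: str    # why it was flagged


def triage(lines):
    """Return a Finding for every line that matches one of the three patterns."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = SHORT_EXE_RE.match(m['path'])
            if exe and THREE_LETTER_RE.match(m['name']):
                findings.append(Finding('O4', line, m['path'],
                                        f"generated autostart [{m['name']}] -> {exe['stem']}.exe"))
            continue
        m = O15_RE.match(line)
        if m and IPV4_RE.search(m['target']):
            findings.append(Finding('O15', line, m['target'],
                                    'Trusted Zone entry points at a bare IP address'))
            continue
        m = O23_MISSING_RE.match(line)
        if m:
            findings.append(Finding('O23', line, m['path'], 'service binary is missing'))
    return findings


def summarize(findings):
    """Count findings per HijackThis section, e.g. {'O4': 3, 'O15': 2, 'O23': 1}."""
    return dict(Counter(f.section for f in findings))


def cleanup_list(findings):
    """Sorted, de-duplicated file paths behind the O4 and O23 findings (the deletion list)."""
    return sorted({f.target for f in findings if f.section in ('O4', 'O23')})


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section}: {f.reason}\n    {f.line}')
    print('files to remove:', cleanup_list(triage(SAMPLE_LOG)))
```

The heuristic is tuned to this particular infection: a legitimate program whose executable happens to be a Titlecase three-letter name in the Windows directory would land on the list too, so treat the output as a review list to compare against the log by hand, the way tetonbob does, rather than something to delete unseen.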
  #15  
Old April 17th, 2005, 08:02 PM
tetonbob tetonbob is offline
Senior Member
 
Join Date: Jul 2004
Location: Brevard, NC
Posts: 705
Copy the following text within the quote to notepad....save it to your desktop as fixsec.reg, type All Files
Quote:
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=""
"OriginalWallpaper"=""
"ConvertedWallpaper"="C:\\WINDOWS\\Web\\Wallpaper\\Windows XP.jpg"
"ConvertedWallpaper Last WriteTime"=hex:00,60,6b,4e,dd,27,c1,01

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=-
"ForceActiveDesktopOn"=-
"NoActiveDesktop"=dword:00000001
"NoViewContextMenu"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General]
"BackupWallpaper"=""
"WallpaperFileTime"=hex:00,00,00,00,00,00,00,00
"WallpaperLocalFileTime"=hex:00,f8,29,17,d6,ff,ff,ff
"TileWallpaper"="0"
"Wallpaper"=""
"ComponentsPositioned"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Desktop"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,44,65,73,6b,74,6f,\
  70,00
"Custom Desktop"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoViewContextMenu"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop"=""

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Desktop"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,44,65,73,6b,74,6f,\
  70,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"="C:\\Documents and Settings\\All Users\\Desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=hex(2):25,41,4c,4c,55,53,45,52,53,50,52,4f,46,49,4c,45,25,5c,\
  44,65,73,6b,74,6f,70,00
Follow the previous instructions to merge this into your registry.
Reply With Quote